[Cryptech Tech] token api
Jakob Schlyter
jakob at kirei.se
Wed Mar 12 20:56:57 UTC 2014
On 11 mar 2014, at 21:43, Randy Bush <randy at psg.com> wrote:
> it was suggested that there should be an underlying api which pkcs#11
> could use as could other apis such as gpg's. it would be more elegant
> and 'correct' than straight pkcs#11. but as near as we got to
> articulating this underlying api was to agree to try to abstract
> pkcs#11, gpg, and any other key examples we can find. as this had not
> been discussed before, things got pretty squishy quickly.
I agree, and IMHO no one actually suggested that a direct mapping from an upper layer API such as PKCS#11 or GPG would be a reasonable way forward. We need to map the upper layer APIs we see today, as well as pure management operations, to write a reasonable set of requirements on the protocol to be used to talk to the cryptech device.
jakob
More information about the Tech
mailing list